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Abstract. We investigate cut-elimination and cut-simulation in impredicative (higher- 
order) logics. We illustrate that adding simple axioms such as Leibniz equations to a 
calculus for an impredicative logic — in our case a sequent calculus for classical type 
theory — is like adding cut. The phenomenon equally applies to prominent axioms like 
Boolean- and functional extensionality, induction, choice, and description. This calls for 
the development of calculi where these principles are built-in instead of being treated 
axiomatically. 



One of the key questions of automated reasoning is the fohowing: "When does a set 
$ of sentences have a model?" In fact, given reasonable assumptions about calculi, most 
inference problems can be reduced to determining (un)-satisfiability of a set $ of sentences. 
Since building models for $ is hard in practice, much research in computational logic has 
concentrated on finding sufficient conditions for satisfiability, e.g. whether there is a Hin- 
tikka set Ti. extending 

Of course in general the answer to the satisfiability question depends on the class of 
models at hand. In classical first-order logic, model classes are well-understood. In impred- 
icative higher-order logic, there is a whole landscape of plausible model classes differing in 
their treatment of functional and Boolean extensionality. Satisfiability then strongly de- 
pends on these classes, for instance, the set $ := {a, b, qa, -^qb} is unsatisfiable in a model 
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class where the universes of Booleans are required to have at most two members (see prop- 
erty b below), but satisfiable in the class without this restriction. 

In [5] we have shown that certain (i.e. saturated) Hintikka sets always have models and 
have derived syntactical conditions (so-called saturated abstract consistency properties) for 
satisfiability from this fact. The importance of abstract consistency properties is that one 
can check completeness for a calculus C by verifying proof-theoretic conditions (checking 
that C-irrefutable sets of formulae have the saturated abstract consistency property) instead 
of performing model-theoretic analysis (for historical background of the abstract consistency 
method in first-order logic, cf. [HI HSl [T7] ) . Unfortunately, the saturation condition (if $ 
is abstractly consistent, then for all sentences A one of <I> U {A} or <I> U {~'A} is as well) is 
very difficult to prove for machine-oriented calculi (indeed as hard as cut elimination as we 
will show). 

In this paper we investigate further the relation between the lack of the subformula 
property in the saturation condition (we need to "guess" whether to extend <I> by A or -lA 
on our way to a Hintikka set) and the cut rule (where we have to "guess," i.e. "search for" in 
an automated reasoning setting the cut formula A). An important result is the insight that 
there exist "cut-strong" formulae which support the effective simulation of cut in calculi 
for impredicative logics. Prominent examples of cut-strong formulae are Leibniz equations 
and the axioms for comprehension, extensionality, induction, description and choice. The 
naive addition of any of these cut-strong formulae to any calculus for an impredicative 
logic is a strong threat for effective automated proof search, since these formulae in a way 
introduce the cut rule through the backdoor (even if the original calculus is cut-free and thus 
appears appropriate for proof automation at first sight). Cut-strong formulae thus introduce 
additional sources for breaking the subformula property and therefore they should either 
be avoided completely or treated with great care in calculi designed for automated proof 
search. 

Consider the following formula of higher-order logic representing Boolean extensionality: 

\fAo.yBo.{A ^B)^ A=° B 

For a theorem prover to make use of this formula, it must instantiate A and B with terms 
of type o. In other words, the theorem prover must synthesize two arbitrary formulas. 
Requiring a theorem prover to synthesize these formulas is just as hard (and unrealistic) 
as requiring a theorem prover to synthesize cut formulas. An alternative to including the 
formula for Boolean extensionality is to include a rule in the search procedure which allows 
the theorem prover to reduce proving A =° B to the subgoal of proving A B. Using this 
rule does not require the prover to synthesize any terms. Simply adding such a rule is not 
enough to obtain a complete calculus. We will explore what additional rules are required 
to obtain completeness and argue that these rules are appropriate for mechanized proof 
search. 

In Section [21 we will fix notation and review the relevant results from [5j . We define 
in Section [3] a basic sequent calculus and study the correspondence between saturation in 
abstract consistency classes and cut-elimination. In Section H] we introduce the notion of 
"cut-strong" formulae and sequents and show that they support the effective simulation of 
cut. In Section [5] we demonstrate that the pertinent extensionality axioms are cut-strong. 
We develop alternative extensionality rules which do not suffer from this problem. Further 
rules are needed to ensure Henkin completeness for this calculus with extensionality. These 
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new rules correspond to the acceptability conditions we propose in Section [6] to ensure the 
existence of models and the existence of saturated extensions of abstract consistency classes. 

2. Higher-Order Logic 

In [S] we have re-examined the semantics of classical higher-order logic with the purpose 
of clarifying the role of extensionality. For this we have defined eight classes of higher-order 
models with respect to various combinations of Boolean extensionality and three forms of 
functional extensionality. We have also developed a methodology of abstract consistency 
(by providing the necessary model existence theorems) needed for instance, to analyze 
completeness of higher-order calculi with respect to these model classes. We now briefly 
summarize the main notions and results of [5] as required for this paper. Our impredicative 
logic of choice is Church's classical type theory. 

2.1. Syntax: Church's Simply Typed A-Calculus. As in [9], we formulate higher- 
order logic (HOC) based on the simply typed A-calculus. The set of simple types T is freely 
generated from basic types o and i using the function type constructor — >. 

For formulae we start with a set V of (typed) variables (denoted by Xa,Y, Z, Xj^,X^ . . .) 
and a signature S of (typed) constants (denoted by Ca,fa^f3, ■ ■ ■)■ We let Va C^a) denote 
the set of variables (constants) of type a. The signature S of constants includes the logical 
constants ^o—>o, '^o^o^o and H"^^^^^^ for each type a; all other constants in S are called 
parameters. As in [5j, we assume there is an infinite cardinal such that the cardinality of 
T,a is i>^s for each type a (cf. [5](3.16)). The set of TlCX-formulae (or terms) are constructed 
from typed variables and constants using application and A-abstraction. We let wff^{T,) be 
the set of all terms of type a and wjf{Ti) be the set of all terms. 

We use vector notation to abbreviate A;-fold applications and abstractions as AU'^ and 
XX^.Pl, respectively. We also use Church's dot notation so that . stands for a (missing) 
left bracket whose mate is as far to the right as possible (consistent with given brackets). 
We use infix notation A V B for ((VA)B) and binder notation VX^.A for (n"(AXQ.Ao)). 
We further use AaB, A=^B, A<;=>B and 3Xq,.A as shorthand for formulae defined in 
terms of V and 11" (cf. [5]). Finally, we let (A^ =" B^) denote the Leibniz equation 
VP„^o.(PA) ^.PB. 

Each occurrence of a variable in a term is either bound by a A or free. We use /ree(A) 
to denote the set of free variables of A (i.e., variables with a free occurrence in A). We 
consider two terms to be equal if the terms are the same up to the names of bound variables 
(i.e., we consider a-conversion implicitly). A term A is closed if /ree(A) is empty. We let 
cwff^iT?) denote the set of closed terms of type a and cwff{T,) denote the set of all closed 
terms. Each term A G wffgiTi) is called a proposition and each term A G cwjJg{T,) is called 
a sentence. 

We denote substitution of a term A„ for a variable X^ in a term B^ by [A/X]B. Since 
we consider a-conversion implicitly, we assume the bound variables of B avoid variable 
capture. 

Two common relations on terms are given by /3-reduction and ??-reduction. A /3-redex 
(AXA)B /3-reduces to [B/X]A. An r/-redex (XX.CX) (where X ^ /ree(C)) //-reduces to 
C. For A, B S wff^ij^), we write A=^B to mean A can be converted to B by a series of 
/3-reductions and expansions. Similarly, A=^^B means A can be converted to B using both 
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(3 and r/. For each A G wff(Ti) there is a unique /3-normal form (denoted AJ,^) and a unique 
/?r/-normal form (denoted AJ,^^). From this fact we know A=^B (A=^^B) iff AJ,^ = BJ,^ 
(Al/3^ = B|^^). 

A non- atomic formula in wffg{T,) is any formula whose /5-normal form is of the form 
[cA"] where c is a logical constant. An atomic formula is any other formula in wff^(T,). 

2.2. Semantics: Eight Model Classes. A model of MX is given by four objects: a typed 
collection of nonempty sets {'Da)aeT, an application operator @: Va^p x T>a — > V^, an 
evaluation function £ for terms and a valuation function v. T>o — > {T,F}. A pair (P,®) 
is called a S-applicative structure (cf. [5j(3.1)). If £ is an evaluation function for (15, @) 
(cf. [5j(3.18)), then we call the triple (P, @,<S) a S-evaluation. If v satisfies appropriate 
properties, then we call the tuple (P, @,<5,t;) a S-model (cf. [5](3.40 and 3.41)). 

Given an applicative structure (2?, @), an assignment (/? is a (typed) function from V to 
T). An evaluation function £ maps an assignment ip and a term Aq, G wff^iTi) to an element 
£lp{A) € T>a- Evaluations £ are required to satisfy four properties (cf. ^(3.18)): 

(1) £^\^ = if. 

(2) £:^(FA) = £^{Y)@£^{A) for any F G wff^^f^{^), A G wff^{^) and types a and /3. 

(3) "^(^(A) = f^(A) for any type a and A G wff^{T,), whenever ip and ^ coincide on 
/ree(A). 

(4) £:^(A) = £UAi(,) for ah A G wjf^i^). 

If A is closed, then we can simply write £{A) since the value £ip{A) cannot depend on ip. 

Given an evaluation {'D,@,£), we define several properties a function v: Vq — > {T, F} 
may satisfy (cf. [5](3.40)). 



prop. 


where 


holds when 


for all 


£.(n) 


n G Po_o 


t;(n@a) = T iff v{b) = F 


a G Vo 


£v(cl) 


d G Po-»o-^o 


t;(d@a@b) = T iff v{a) = T or v{b) = T 


a,b G 


£^(vr) 


TT G 2?(q^o)^o 


i;(7r@f) = T iff Va G Pa v{ma) = T 






q G D ct—>Qi^o 


t;(q@a@b) = T iff a = b 


a, b G I^a 



A valuation v. Vo — > {T,F} is required to satisfy £^(f(^)), £v('f(V)) and £^(f (n°)) for 
every type a. 

Given a model M : = (P, @, <f^, u), an assignment ip and a proposition A (or set of propo- 
sitions <I>), we say M satisfies A (or $) and write |=<^ A (or M ^) if ^^(.^^(A)) = T 
(or v{£^{A)) = T for each A G $). If A is closed (or every member of ^ is closed), then 
we simply write |= A (or A4 \= ^) and say Al is a model of A (or <I>). 

In order to define model classes 971* which correspond to different notions of extension- 
ality, we define five properties of models (cf. [5](3.46, 3.21 and 3.5)). Let A4 := {V,@,£,v) 
be a model. We define: 

q: iff for ah a G T there is a q" G Va^a^o with £^(q"). 

T]: iff {'D,@,£) is r/-functional (i.e., for each A G wff^{Ti) and assignment ip, £,p{A) = 

^: iff (V, @, £) is .^-functional (i.e., for each M, N G wfffj{Ti), A G and assignment ip, 
£^{XXa.Mi3) = £^{XXa.'Ni3) whenever £^<^,[a/x] (M) = £^,[3/x]i'^) for every a G Va). 

f: iff {T>,@) is functional (i.e., for each f , g G Va^p, f = g whenever f@a = g@a for 
every a G Va). 

b: iff lias at most two elements. 
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For each * e {/3,/3r?,/3^,/3f,/3b,/3r/b,/9^b,/3fb} (the latter set will be abbreviated by Ds 
in the remainder) we define 971^, to be the class of all S-models A4 such that A4 satisfies 
property q and each of the additional properties {f/,^, f, b} indicated in the subscript * 
(cf. [5j(3.49)). We always include P in the subscript to indicate that /3-equal terms are 
always interpreted as identical elements. We do not include property q as an explicit 
subscript; q is treated as a basic, implicit requirement for all model classes. See [5] (3.52) 
for a discussion on why we require property q. Since we are varying four properties, one 
would expect to obtain 16 model classes. However, we showed in [5j that f is equivalent to 
the conjunction of ^ and r]. Hence we obtain the eight model classes depicted as a cube 
in Figured! There are example models constructed in [5] to demonstrate that each of the 
eight model classes is distinct. For instance. Example 5.6 of [5] describes how to construct 
a model without ij by attaching labels to functions. 



Tip 




Figure 1: The Landscape of 7C?£-Semantics. 

Special cases of S-models are Henkin models and standard models (cf. [S](3.50 and 3.51)). 
A Henkin model is a model in SJl^jt, such that the applicative structure (2?, @) is a frame, 
i.e. Va-^p is a subset of the function space (Vp)'^" for each a, (3 £ T and @ is function 
application. A standard model is a Henkin model in which is the full function space 

(Tyfj)^". Every model in VJtfsp is isomorphic to a Henkin model (see the discussion following 
i5j(3.68)). 

2.3. Saturated Abstract Consistency Classes and Model Existence. Finally, we 
review the model existence theorems proved in [5J. There are three stages to obtaining a 
model in our framework. First, we obtain an abstract consistency class Is (usually defined 
as the class of irrefutable sets of sentences with respect to some calculus). Second, given 
a (sufficiently pure) set of sentences $ in the abstract consistency class Is we construct a 
Hintikka set Ti extending Third, we construct a model of this Hintikka set (and hence a 
model of $). 

A S-abstract consistency class Is is a class of sets of S-sentences. An abstract consis- 
tency class is always required to be closed under subsets (cf. |5j(6.1)). Sometimes we require 
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the stronger property that Is is compact, i.e. a set $ is in Is iff every finite subset of <I> is 
inTs (cf. 0(6.1,6.2)). 

To describe further properties of abstract consistency classes, we use the notation S *a 
for S U {a} as in [5]. The fohowing is a hst of properties a class Is of sets of sentences can 
satisfy with respect to arbitrary $ G Is (cf. |5](6.5)): 

Vci If A is atomic, then A ^ <i> or -lA ^ <I>. 

V^: If -i-iA G <I>, then <I> * A G Ts. 

V/3: If A=pB and A G then $ * B G Ts. 

Vr,: If A^^^B and A G then $ * B G Ts. 

Vv: If A V B G then ^> * A G Ts or $ * B G Ts. 

Va: If ^(A V B) G then $ * ^A * ^B G Ts. 

V/: If n"F G then ^> * FW G Ts for each W G cwff^{T,). 

V3: If -iII^F G then <I> * ^(Fw) G Is for any parameter Wa G which does not 

occur in any sentence of <I>. 
Vt,: If ^(A =° B) G then $ * A * ^B G Ts or $ * ^A * B G Ts. 
Vg: If -^{XXa.M ="^'^ AXc,.N) G then $ * -^{[w/X]M =^ [w/X]n) G Ts for any 

parameter Wa G which does not occur in any sentence of 
Vf: If -1(0 =°^^ H) G then $ * ^{Gw =^ Hw) G Ts for any parameter Wa G Sq, 

which does not occur in any sentence of 
Vsat- Either <^ * A G Ts or $ * -.A G Ts. 
We say Is is an abstract consistency class if it is closed under subsets and satisfies Vc, 
V-,, Vg, Vv, Va, Vv and V3. We let 2lcc/3 denote the collection of all abstract consistency 
classes. For each * G Ds we refine 2tcc^ to a collection Slcc,, where the additional properties 
{Vr,, V^, Vf, Vf,} indicated by * are required (cf. [5](6.7)). We say an abstract consistency 
class Is is saturated if Vsat holds. 

Using Vc (atomic consistency) and the fact that there are infinitely many parameters 
at each type, we can show every abstract consistency class satisfies non-atomic consistency. 
That is, for every abstract consistency class Is, A G cwjJg{'E) and $ G Is, we have either 
A ^ $ or ^A ^ $ (cf. [5] (6.10)). 

In [5] (6.32) we show that sufficiently S-pure sets in saturated abstract consistency 
classes extend to saturated Hintikka sets. (A set of sentences ^> is sufficiently S-pure if for 
each type a there is a set Va of parameters of type a with cardinality i^g and such that 
no parameter in V occurs in a sentence in <I>. A Hintikka set is a maximal element in an 
abstract consistency class.) 

In the Model Existence Theorem for Saturated Sets [5] (6.33) we show that these sat- 
urated Hintikka sets can be used to construct models Ai which are members of the corre- 
sponding model classes Then we conclude (cf. [5j(6.34)): 

Model Existence Theorem for Saturated Abstract Consistency Classes: For all 

* G Ds, */Is is a saturated abstract consistency class in 2tcc* and ^> G Is is a sufficiently 
Ti-pure set of sentences, then there exists a model M. G 9Jt* that satisfies Furthermore, 
each domain of A4 has cardinality at most 'i^.g. 

In [5] we apply the abstract consistency method to analyze completeness for differ- 
ent natural deduction calculi. Unfortunately, the saturation condition is very difficult to 
prove for machine-oriented calculi (indeed as we will see in Section [3] it is equivalent to cut 
elimination), so Theorem [5] (6.34) cannot be easily used for this purpose directly. 
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In Section [6] we therefore motivate and present a set of extra conditions for Slcc/jfi, we 
call acceptability conditions. The new conditions are sufficient to prove model existence. 

3. Sequent Calculi, Cut and Saturation 

We will now study cut-elimination and cut-simulation with respect to (one-sided) se- 
quent calculi. 



3.1. Sequent Calculi Q. We consider a sequent to be a finite set A of /?- normal sentences 
from cwffgiTi). A sequent calculus Q provides an inductive definition for when hg A holds. 
We say a sequent calculus rule 

Ai • • • A„ 

r 

A 

is admissible in Q if hg A holds whenever hg Aj for all 1 < i < n. For any natural number 
A; > 0, we call an admissible rule r k-admissible if any instance of r can be replaced by a 
derivation with at most k additional proof steps. Given a sequent A, a model Ai, and a 
class SOT of models, we say A is valid for M. (or valid for 9Jt), if |= D for some D G A 
(or A is valid for every A4 S 9Jt). As for sets in abstract consistency classes, we use the 
notation A* A to denote the set Au{A} (which is simply A if A € A). Figure [2] introduces 
several sequent calculus rules. Some of these rules will be used to define sequent calculi, 
while others will be shown admissible (or even /c-admissible). 



Basic Rules 



A atomic (and /3-normal) 
A * A * -lA 



Q{init) 



A * A 

A * ^-1^ 



A * -lA A * -iB 
A*^(A VB) 



Qiy-) 



A * A * B 
A* (A VB) 



^(Vh 



A*-(AC)|^ C^cwff^iY.) 

A * ^n"A 



Inversion Rule 



Weakening and Cut Rules 



A * (Ac)j^ c„ € S 



new 



— — — Q{weak) 
AU A' 

Figure 2: Sequent Calculus Rules 



A*n"A 

A * -i-iA 



A * A 
A * C A * -iC 



A 



Q{Inv") 
Q{cut) 



Remark 3.1 (Alternative Formulations). There are many kinds of sequent calculi given in 
the literature. We could have chosen to work with two sided sequents. This choice would 
have allowed us to generalize many of our results to the intuitionistic case. The notion of 
cut-strong formulae could still be defined and many of our examples of cut-strong formulae 
would also be cut-strong in the intuitionistic case. On the other hand, assuming we only 
treat the classical case, we could restrict to negation normal forms in the same way that we 
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restrict to /^-normal forms. This would eliminate the need to consider the rules G{~^) and 
G(Inv^). Both of these alternatives are reasonable. The choices we have made are for ease 
of presentation and to make the connection with [5] as simple as possible. 

3.2. Abstract Consistency Classes for Sequent Calculi. For any sequent calculus Q 
we can define a class of sets of sentences. Under certain assumptions, is an abstract 
consistency class. First we adopt the notation and for the sets {-iA[A S <!>} and 
{Ai^|A G $}, resp., where $ C cwffg{T,). Furthermore, we assume this use of binds 
more strongly than U or *, so that -i<I> U A means (-i^*) U A and ^<1> * A means (^^*) * A. 

Definition 3.2. Let ^ be a sequent calculus. We define to be the class of all finite 
$ C cwffg{T,) such that ^ ^ij3 does not hold. 

In a straightforward manner, one can prove the following results (see the Appendix). 

Lemma 3.3. Let Q be a sequent calculus such that G(Inv^) is admissible. For any finite 
sets ^ and A of sentences, if ^ U -lA ^ I^, then hg <I>J.^ U Ai^ holds. 

Theorem 3.4. Let Q be a sequent calculus. If the rules Q{Inv^), G{~^), G{weak), Q{init), 
Q{\/ Q{\/+), G{nS) and Q{n_^) are admissible in Q , then € 2tcc/3. 

We can furthermore show the following relationship between saturation and cut (see 
the Appendix). 

Theorem 3.5. Let Q be a sequent calculus. 

(1) If Q [cut) is admissible in Q, then is saturated. 

(2) If Q{-^) and Q{Inv^) are admissible in Q and is saturated, then Q{cut) is admissible 
in Q. 

Since saturation is equivalent to admissibility of cut, we need weaker conditions than satu- 
ration. A natural condition to consider is the existence of saturated extensions. 

Definition 3.6 (Saturated Extension). Let * € and Is,Is ^ 2tcc* be abstract consis- 
tency classes. We say is an extension of Is if $ € for every sufficiently S-pure $ € Is. 
We say I^ is a saturated extension of Is if Is is saturated and an extension of Is . 

There exist abstract consistency classes F in 2lcc/3ff, which have no saturated extension. 

Example 3.7. Let ao,bo, qo-*o G S and ^ : = {a,b,{qa),^{qb)}. We construct an abstract 
consistency class Is from $ by first building the closure <!>' of <I> under relation =^3 and then 
taking the power set of It is easy to check that this Is is in 2lcc/3fti- Suppose we have 
a saturated extension I^ of Is in 2lcc/3f[,- Then <I> G I^ since <I> is finite (hence sufficiently 
S-pure). By saturation, <I> * (a =° 6) G F^ or <I> * -i(a =° 6) € I^. In the first case, applying 
with the constant q, Vv and Vc contradicts (qa), -^(qb) £ ^. In the second case, Vt, and 
Vc contradict a,b € <I>. 

Existence of any saturated extension of a sound sequent calculus G implies admissibility 
of cut. The proof uses the model existence theorem for saturated abstract consistency classes 
(cf. [5](6.34)). The proof is in the Appendix. 

Theorem 3.8. Let Q be a sequent calculus which is sound for IfT^ has a saturated 
extension I^ G 21cc=k, then G{cut) is admissible in Q. 
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3.3. Sequent Calculus Qp. We now study a particular sequent calculus Gjs defined by the 
rules G{init), ^(V_), ^(V+), g{nS) and ^(iTf) (of. Figure [2]). It is easy to show 

that is sound for the eight model classes and in particular for class Tip. 
The reader may easily prove the following Lemma. 

Lemma 3.9. Let A G ctuffgiJ^) be an atom, B G cwffi^{Ti), and A be a sequent. 

(1) A*A<;4>A :=A* -■(-•(-•A V A) V -.(^A V A)) is derivable in 7 steps in Qp. 

(2) A * B B : = A * n"(APa_»o.^(PB) V (PB) is derivable in 3 steps in Gp. 

The proof of the next Lemma is by induction on derivations and is given in the Appen- 
dix. 

Lemma 3.10. The rules Q{Inv^) and Q{weak) are 0-admissible in Qp. 

Theorem 3.11. The sequent calculus Qp is complete for the model class dJlp and the rule 
Q{cut) is admissible. 

Proof. By Theorem 13.41 and Lemma [3. 101 L^" € 2tcc/3. Suppose hg^ A does not hold. Then 
-lA € 2tcc/3 by Lemma [3.31 By the model existence theorem for Slcc/j (cf. [6j(8.1)) there 
exists a model for -lA in 9Jl^. This gives completeness of Qp. We can use completeness to 
conclude cut is admissible m Qp. □ 

Andrews proves admissibility of cut for a sequent calculus similar to Gp in [Ij. The 
proof in [1] contains the essential ingredients for showing completeness. 

While Q{cut) is admissible in Qp the next theorem shows that Q{cut) is not /c-admissible 
in Qp for any /c £ N, which means Qp is not only superficially cut-free and that by adding 
Q{cut) to Qp we can achieve significantly shorter proofs. 

Theorem 3.12. Q(cut) is not k-admissible in Qp for any A; G N. 

Proof. The proof is not formally worked out here; we only sketch the argumentation: The 
main idea is to show that the hyper-exponential speed-up results known for first-order logic 
do transfer to (the first-order fragment of) our calculus. For this, we compare our sequent 
calculus Qp with a standard first-order variant of it which we call Q^'^ (this only requires 
appropriate modifications of the rules Q{nS) and Q{n_^)). Clearly, any first-order sequent 
which can be derived in Q^'^ can be derived in Qp with the same number of steps (using 
essentially the same derivation). More interestingly, one can show that for any derivation 
T> in Qp of a first-order sequent A there is a derivation T>' in Q^'^ of A with the same 
number of rule applications. (During the induction, one collapses higher-order terms to 
first-order terms in such a way that first-order terms collapse to themselves.) Thus no 
speedup with respect to first-order provability can be achieved by using Qp instead of the 
cut-free first-order sequent calculus Qp'^. Finally we refer to the following results: 

• Theorem 5.2.13 in [19] shows that for a classical first-order sequent calculus there is at 
least an exponential speed-up of proofs with cut. Furthermore, Propositions 6.11.3 and 
6.11.4 there show a related hyper-exponential speed-up result. 

• An example for hyper-exponential speed-up is also given in \18\ I13j. 

• In higher-order logic the speed-up should be faster than any primitive recursive function 
according to the "curious inference" George Boolos presents in [7]. 

□ 
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We will now show that Q{cut) actually becomes fe-admissible in Qj3 if certain formulae 
are available in the sequent A we wish to prove. 

4. Cut-Simulation 

4.1. Cut-Strong Formulae and Sequents. A;-cut-strong formulae can be used to effec- 
tively simulate cut. Effectively means that the elimination of each application of a cut-rule 
introduces maximally k additional proof steps, where k is constant. 

Definition 4.1. Given an arbitrary but fixed number /c > 0. We call formula A S cwffgCE) 
k-cut-strong for Q (or simply cut-strong) if the following cut rule variant is /c-admissible in 

A*C A*^C^, 
A * 

We can alternative state the condition for A to be k-cut-strong for Q as follows: For all A 
and C, if hg A * C in n steps and \rg A * -iC in m steps, then hg A * -lA in at most 
n + m-^ k steps. 

Our examples below illustrate that cut-strength of a formula usually only weakly de- 
pends on the calculus Q: it only presumes standard ingredients such as /3- normalization, 
weakening, and rules for the logical connectives. 

We present some simple examples of cut-strong formulae for our sequent calculus Qp. 
A corresponding phenomenon is observable in other higher-order calculi, for instance, for 
the calcuh presented in [H[4l[8l[T2]. 

Example 4.2. The Formula VPo-P := n°(APo-P) is 3-cut-strong in Qp. This is justified by 
the following derivation which actually shows that rule Q{cut^) for this specific choice of 
A is derivable in Qjj by maximally 3 additional proof steps. The only interesting proof step 
is the instantiation of P with formula D : = -iC V C in rule G{nP). (Note that C must be 
/3-normal; sequents such as A * C by definition contain only /3-normal formulae.) 

A * C ^/ \ 

A*^(^C VC) ~' 
A * -.U°{XPo.P) ' 

Clearly, \/Po-P is not a very interesting cut-strong formula since it implies falsehood, i.e. 
inconsistency. 

Example 4.3. The formula 'iPo.P ^ P := n°(APo-^^'VP) is 3-cut-strong in Gp. This is an 
example of a tautologous cut-strong formula. Now P is simply instantiated with D : = C in 
rule G{nP). Except for this first step the derivation is identical to the one for Example [ 



-'^Here, we could alternatively use (fc-)derivability (see [TO]) to give a stronger but less general notion of 
fc-cut-strongness. In fact, all axioms we discuss in this paper would remain fe-cut-strong. From a proof 
theoretic point of view one may argue that this alternative notion leads to a more interesting result although 
it may generally apply to fewer axioms. 
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Example 4.4. Leibniz equations M N : = n"(AP.-iPM V PN) (for arbitrary formulae 
M, N G cwff^{T,) and types a G T) are 3-cut-strong in Q/^. This includes the special cases 
M =" M. Now P is instantiated with D := XXa.C in rule Q{nP). Except for this first 
step the derivation is identical to the one for Example 14.21 

Example 4.5. The original formulation of higher-order logic (cf. [15]) contained com- 
prehension axioms of the form C := 3P^i^ .^n^^X'^.PX'^ ''^^o- where Bq G wff^{T,) 

is arbitrary with P ^ /ree(B). Church eliminated the need for such axioms by for- 
mulating higher-order logic using typed A-calculus. We will now show that the instance 
:= BP^^o-^^X^.PX <^ X =^ X is 16-cut-strong in (note that Q{weak) is 0-admissible) . 
This motivates building-in comprehension principles instead of treating comprehension ax- 
iomatically. 



3 steps; see Lemma [ 
A * ^{pa =^ a = a) * a = a 



Derivation T) is: 



A * ^{pa =^ a = a) * -i-i(a = a) V ^ 

A * ^{pa =^ a = a) * ^{^{a = a) V pa) ^ 
A * -'(pa ^ a =' a) V -i(a ='' a ^ pa) ^ 
A * -n^{^{pa ^a = a)y ^(g = a^ pa)) g,^a,^ 

A * -^W{\X,.pX ^X='X) Q<npL^ 

^*w^"{\p'^°.^ji'{\x,.px ^ X = X)) ; + ' 
-KTF^ ^^^^ 



A * C A * 

: 3 steps; see Ex. H? 

Q{mit) 



A*pa*^pa ^^';7 A.^(a =° a) 

inn. 



A * —<^pa * -^pa A * -i(a = a) * ^pa 



A * -^{-^pa y a = a) * -^pa 

As we will show later, many prominent axioms for higher-order logic also belong to the 
class of cut-strong formulae. 

4.2. Cut-Simulation. The cut-simulation theorem is a main result of this paper. It says 
that cut-strong sequents support an effective simulation (and thus elimination) of cut in 
Qp. Effective means that the size of cut-free derivation grows only linearly for the number 
of cut rule applications to be eliminated. 



Definition 4.6. A sequent A is called k-cut-strong (or simply cut-strong) if there exists a 
fe-cut-strong formula A G cwffg{T,) such that ^A G A. We call A the k-realizer of A. 



We first fix the following calculi: Calculus extends Qp by the rule Q{cut) and 



calculus QJ^ extends Qj3 by the rule G{cut ) for some arbitrary but fixed cut-strong 
formula A. 
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Theorem 4.7. Let A be a k-cut-strong sequent with realizer A. For each derivation 
D: hpcut A with d proof steps there is an alternative derivation V : i- ^^a A with d 

proof steps. 

Proof. Note that the rules Q{cut) and Q{cut^) coincide whenever -lA € A. Intuitively, we 
can replace each occurrence of Q{cut) in P by Q{cut^) in order to obtain a T)' of same size. 
Technically, in the induction proof one must weaken to ensure A stays in the sequent and 
carry out a parameter renaming to make sure the eigenvariable condition is satisfied. □ 

Theorem 4.8. Let IS. he a k-cut-strong sequent with realizer A. For each derivation 
'^rcut^ ^ with d proof steps and with n applications of rule Q{cut) there exists an 

alternative derivation V : hg^ A with maximally d + nk proof steps. 

Proof. A is /c-cut-strong so by definition Q{cut^) is A;-admissible in Qp. This means that 
Q{cut^) can be eliminated in V and each single elimination oiQ{cut^) introduces maximally 
k new proof steps. Now the assertion can be easily obtained by a simple induction over 
n. □ 

Corollary 4.9. Let IS. he a k-cut-strong sequent. For each derivation T): hgcut A with d 

proof steps and n applications of rule Q{cut) there exists an alternative cut- free derivation 
V : i-g^ A with maximally d + nk proof steps. 



5. The Extensionality Axioms are Cut-Strong 

We have shown comprehension axioms can be cut-strong (cf. Example 14. 5p . Further 
prominent examples of cut-strong formulae are the Boolean and functional extensionality 
axioms. The Boolean extensionality axiom (abbreviated as Bo in the remainder) is 

V^o.VBo.(A ^B)^ A= B 

The infinitely many functional extensionality axioms (abbreviated as J^) are parameterized 
over a, (3 G T. 

VF,^^.VG„^^.(VX«.FX =^ GX) ^ F =''^^ G 
These axioms usually have to be added to higher-order calculi to reach Henkin com- 
pleteness, i.e. completeness with respect to model class Tlf^^i,. For example, Huet's con- 
strained resolution approach as presented in [12j is not Henkin complete without adding 
extensionality axioms. The need for adding Boolean extensionality to this calculus is ac- 
tually illustrated by the set of unit literals $ := {a,b, {qa),^{qb)} from Example 13. 7[ As 
the reader may easily check, this clause set which is inconsistent for Henkin semantics, 
cannot be proven by Huet's system without, e.g., adding the Boolean extensionality axiom. 
By relying on results in [1], Huet essentially shows completeness with respect to model class 
Tljs as opposed to Henkin semantics. 

We will now investigate whether adding the extensionality axioms to a machine-oriented 
calculus in order to obtain Henkin completeness is a suitable option. 

Theorem 5.1. The Boolean extensionality axiom Bo is a lA- cut- strong formula in Qjj. 
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Proof. The following derivation justifies this theorem (oq is a parameter). 

7 steps; see Lemma 13.91 

: A * C A * 

A*a^ a g|^_^ '. 3 steps; see Ex. 



A * ^^(g ^ g) A*^(g =° g) 

A * -i(-i(g <^ g) V g = g) ^,^„. 
' ^ 

□ 

Theorem 5.2. The functional extensionality axioms are 11 -cut- strong formulae in Qp. 

Proof. The following derivation justifies this theorem {fa^i3 is a parameter). 
3 steps; see Lemma [ 



^ * /Q /g ^(77^«) A*C A*-C 

A * (VX,./X =^ fX) ^ : 3 steps; see Ex. 



A ^^VX^./X fX A* ^(/ ="-^ /) ^ 

□ 

In [1] and [8] we have already argued that the extensionality principles should not be 
treated axiomatically in machine-oriented higher-order calculi and there we have developed 
resolution and sequent calculi in which these principles are built-in. Here we have now 
developed a strong theoretical justification for this work: Corollary 14.91 along with Theo- 
rems 15.21 and 15.11 tell us that adding the extensionality principles Bo and as axioms to a 
calculus is like adding a cut rule. 

In Figure [3] we show rules that add Boolean and functional extensionality in an ax- 
iomatic manner to More precisely we add rules G{Jhi3) and allowing to introduce 
the axioms for any sequent A; this way we address the problem of the infinitely many 
possible instantiations of the type-schematic functional extensional axiom J^. 



e(^) -G{B) 

A A 

Figure 3: Axiomatic Extensionality Rules 

Calculus Qp enriched by the new rules QiJ^p) and G{B) is called Q^. Soundness of the 
the new rules is easy to verify: In [5] (4.3) we show that Q{J^) and G{B) are valid for Henkin 
models. 
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A * (VX„.AX =^ BX] 



^ r(i\ A * -lA * B A*-iB*A^,,, 



A * (A ="^'^ B) A * (A =° B) 

Figure 4: Proper Extensionality Rules 

5.1. Replacing the Extensionality Axioms. In Figure S] we define alternative exten- 
sionality rules which correspond to those developed for resolution and sequent calculi in [3] 
and [8]. 

Calculus Qp enriched by t/(f) and ^(b) is called Q^^. Soundness of C/(f) and Q{b) for 
Henkin semantics is again easy to show. 

Our aim is to develop a machine-oriented sequent calculus for automating Henkin com- 
plete proof search. We argue that for this purpose ^(f) and ^(b) are more suitable rules 
than Q{Jhi3) and Q{B). 

Our next step now is to show Henkin completeness for . This will be relatively easy 
since we can employ cut-simulation. Then we analyze whether calculus Q^^^^ has the same 

deductive power as Q^. 

First we extend Theorem 13.41 The proof is given in the Appendix. 

Theorem 5.3. Let Q he a sequent calculus such that Q{Inv^) and Q{-^) are admissible. 

(1) IfQ(^) and G{n^) are admissible, then satisfies Vj. 

(2) IfQ{b) is admissible, then satisfies Vt,. 

Theorem 5.4. The sequent calculus is Henkin complete and the rule Q{cut) is 12- 
admissible. 

Proof. Q{cut) can be effectively simulated and hence eliminated in by combining rule 
Q{^^) with the 11-step derivation presented in the proof of Theorem 15.21 

gE 

Let I^'' be defined as in Definition 13. 2i We prove Henkin completeness of by 

showing that the class is a saturated abstract consistency class in Stcc^f^,. We here 
only analyze the crucial conditions V[,, Vf and V^at- For the other conditions we refer to 
Theorem 13.41 Note that 0-admissibility of Q{Inv^) and Q{weak) can be shown for by a 
suitable induction on derivations as in Lemma l3.10i 

Vj: G{n_^) is a rule of and thus admissible. According to Theorem 15.31 it is thus 
sufficient to ensure admissibility of rule Q{f) to show Vj. This is justified by the 
following derivation where N : = A ="^^ B and M : = (VX„.AX =^ BX)j^ (for 
/3-normal A, B). 



A * {yXa.AX =^ BX) 



^ r>i 7 \ derivable 
— yyweak) : 



A * N * M Q( 

A*N*^^M A * n" * 

A * N * ^(^M V N) ^„ 



A * N * ^Fap 
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Vf,: With a similar derivation using Q{B) we can show that ^(b) is admissible. We 

conclude Vj, by Theorem 15. 3i 
Vsat' Since Q{cut) is admissible we get saturation by Theorem 13. 5i □ 

Does Qj^^ have the same deductive strength as I.e., is G^^fj Henkin complete? We show 
this is not yet the case. 

Theorem 5.5. The sequent calculus Q^^^ is not complete for Henkin semantics. 

We illustrate the problem by a counterexample. 

Example 5.6. Consider the sequent A := {^a,^b,^{qa), (qb)} where ao,bo, 
qo^o £ 5] are parameters. For any A4 = {V, @, £, v) S ^pp, either v{£{a)) = F, v{£{b)) = F 
or £{a) = £{b) by property b. Hence sequent A is valid for every M. G 9Jt/3ffa. However, 
i-^- A does not hold. By inspection, A cannot be the conclusion of any rule. 

In order to reach Henkin completeness and to show cut-elimination we thus need to 
add further rules. Our example motivates the two rules presented in Figure [5j Q{Init^) 
introduces Leibniz equations such as qa =° qb as is needed in our example and Q{d) realizes 
the required decomposition into a =° b. 

A*(A=°B) (t) A*(Ai="^Bi) ... A*(A"="" B") {X) 

— ^ -^g(imt=) . _ ^(d) 

(t) A,B atomic (t) n > € {a, l}, G S parameter 

Figure 5: Additional Rules Q{Init^) and Q{d) 

We thus extend the sequent calculus Q^^ to ^/jff, by adding the decomposition rule Q{d) 

and the rule Q(Init^) which generally checks if two atomic sentences of opposite polarity 
are provably equal (as opposed to syntactically equal). 

Is Qi3p complete for Henkin semantics? We will show in the next Section that this 
indeed holds (cf. Theorem 16. 3p . 

With and Gp^ we have thus developed two Henkin complete calculi and both calculi 
are cut-free. However, as our exploration shows, "cut-freeness" is not a well-chosen crite- 
rion to differentiate between their suitability for proof search automation: G^ inherently 
supports effective cut-simulation and thus cut-freeness is meaningless. 

The next claim, which is analogous to Theorem 13. 121 has not been formally proven yet. 
It claims that, in contrast to G^ , the cut-freeness of Gpp is meaningful. 

Claim 1. G{cut) is not A;-admissible in Gpp- 



The proof idea is similar to that of Theorem 13. 12^ however, the two additional rules 
G{Init^) and G{d) do introduce additional technicalities which we have not fully worked 
out yet. 

The criterion we propose for the analysis of calculi in impredicative logics is "freeness 
of effective cut-simulation". The idea behind this notion is to capture also hidden sources 
(such as the extensionality axioms) where the subformula property may break and where 
the cut rule may creep in through the backdoor. 
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5.2. Other Rules for Other Model Classes. In [6j we developed respective complete 
and cut-free sequent calculi not only for Henkin semantics but for five of the eight model 
classes. In particular, no additional rules are required for the /?, /3r/ and I3£, case. Meanwhile, 
the /3f case requires additional rules allowing r/-conversion. We do not present and analyze 
these cases here. 

6. Acceptability Conditions 

We now turn our attention again to the existence of saturated extensions of abstract 
consistency classes. 

As illustrated by Example 13.71 we need some extra abstract consistency properties to 
ensure the existence of saturated extensions. We call these extra properties acceptability 
conditions. They actually closely correspond to additional rules Q{Init^) and Q{d). 

Definition 6.1 (Acceptability Conditions). Let Is be an abstract consistency class in 
Slcc^fi,- We define the following properties: 

Vm If A, B G cwffg{T.) are atomic and A, -.B € then $ * -.(A =° B) G T^. 

Vd If -'(/lA" =^ /iB") € $ for some types Oj where /3 G {o,l} and h^^^ G S is a 

parameter, then there is an i (1 < i < n) such that $ * -i(A* =" B*) G Is. 

We now replace the strong saturation condition used in [5] by these acceptability conditions. 

Definition 6.2 (Acceptable Classes). An abstract consistency class Is G Stcc^fi, is called 
acceptable in 2lcc/3f{, if it satisfies the conditions Vm and V^. 

One can show a model existence theorem for acceptable abstract consistency classes in 
2lcc/3fi, (cf. [6] (8.1)). From this model existence theorem, one can conclude Qp^^, is complete 
for 9Jt/3fi, (hence for Henkin models) and that cut is admissible in Q^^. 

Theorem 6.3. The sequent calculus Qf^p is complete for Henkin semantics and the rule 
Q{cut) is admissible. 

Proof. The argumentation is similar to Theorem 13 . 1 II but here we employ the acceptability 
conditions Vm and V^. □ 

One can further show the Saturated Extension Theorem (cf. [^(9.3)): 

Theorem 6.4. There is a saturated abstract consistency class in Stcc/jfi, that is an extension 
of all acceptable Is in 2tcc/3ft,- 

Given Theorem 13.81 one can view the Saturated Extension Theorem as an abstract 
cut-elimination result. 

The proof of a model existence theorem employs Hintikka sets and in the context of 
studying Hintikka sets we have identified a phenomenon related to cut-strength which we 
call the Impredicativity Gap. That is, a Hintikka set 7i is saturated if any cut-strong formula 
A (e.g. a Leibniz equation C = D) is in 7i. Hence we can reasonably say there is a "gap" 
between saturated and unsaturated Hintikka sets. Every Hintikka set is either saturated or 
contains no cut-strong formulae. 
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7. Conclusion 

We have shown that adding cut-strong formulae to a calculus for an impredicative 
logic is like adding cut. For machine-oriented automated theorem proving in impredicative 
logics — such as classical type theory — it is therefore not recommendable to naively add 
cut-strong axioms to the search space. In addition to the comprehension principle and 
the functional and Boolean extensionality axioms as elaborated in this paper the list of 
cut-strong axioms includes: 

Example 7.1 (Other Forms of Defined Equality.). Formulas A =" B are 4-cut-strong in 
Qp where =" is XXa.XYa.\/Q Za.{Q Z Z)) ^ {Q X Y) (cf. [3]). The argument is 
similar to Examples I4.2IH31 here we the crucial step is to instantiate Q with XXa.XYa.C. 

Example 7.2 (Axiom of Induction.). The axiom of induction for the naturals VPt-»o-^0 A 
(VA^.PA =^ P{sX)) =^ VA^.PA is 18-cut-strong in Qf^. (Other well-founded ordering 
axioms are analogous.) The crucial step in the proof is to instantiate P with XX ^.a =° a 
for some parameter ao- 

Example 7.3 (Axiom of Choice.). 3I(^a^g^^g.\/Qa-*o-{^Xa.QX) =^ Q{IQ) is 7-cut-strong 
in Qp. The crucial step is to instantiate Q with AA^.C. 

Example 7.4 (Axiom of Description.). 3/^ 0,^0)^0. V(5q._>o. (3iy„.gy) ^ Q(/Q), the de- 
scription axiom (see [2]), where 3iYa.QY stands for JY^.QY A (^Za.QZ =^ Y = Z) is 
25-cut-strong in Qp. The crucial step in the proof is to instantiate Q with AA^.a =° A for 
some parameter Cq,. 

As we have shown in Example 14.51 comprehension axioms can be cut-strong. Church's 
formulation of type theory (cf. [9] ) used typed A-calculus to build comprehension principles 
into the language. One can view Church's formulation as a first step in the program to 
eliminate the need for cut-strong axioms. For the extensionality axioms a start has been 
made by the sequent calculi in this paper (and [6]), for resolution in [4] and for sequent 
calculi and extensional expansion proofs in [8]. The extensional systems in [5] also provide 
a complete method for using primitive equality instead of Leibniz equality. For improving 
the automation of higher-order logic our exploration thus motivates the development of 
higher-order calculi which directly include reasoning principles for equality, extensionality, 
induction, choice, description, etc., without using cut-strong axioms. 
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Appendix 

Proof of Lemma 13.31 

Proof. Suppose $ U -lA ^ . By definition, hg -■ U Ai^g holds. Applying Q{Inv^) 
to each member of Ai^, we have hg <1>|^ U Ai^- □ 

Proof of Theorem 13. 4t 

Proof. We prove is closed under subsets and satisfies Vc, V-,, Vv, Va and Vg. The 
remaining conditions are proven analogously. 

Suppose $ G r^, If $0 ^ <^ and ^>o ^ T^?, then hg -■ <I>oi^ and so hg -■ $1^ by 
admissibility of Q{weak). Hence 1^ is closed under subsets. 

Suppose <I> G 1^ and A, -i A G <I> where A is atomic. By admissibility of Q{init), 
hg -■ <I>|^ * Ai^ since -■ AJ,^ G -■ ^[p. By admissibility of hg -■ since AJ,^ G 

-1 $1^, contradicting $ G T^. Thus Vc holds. 

Suppose ^ G r^, -i-iA G <I> and <I) * A ^ T^?. Hence hg -■ <I>|^ * -■ AJ,^ and so 
hg -1 * -1-1-1 Ai^ by admissibility of G{-^). Since -i-iA G we know -i is equal to 
-1 * -1-1-1 Al^. Hence hg -i $J,^, contradicting $ G T^?. Thus holds. 

Suppose $ G r^?, (A V B) G $ * A ^ F^? and ^> * B ^ . Hence - * ^ AJ,^ 
and hg -i * -i Bj^. Applying ^/(V_), we have IHg ^>i^ since (A V B)|^ G -■ ^>i^, 

contradicting $ G I^. Thus Vv holds. 

By a similar argument, admissibility of G{nS) implies V/- 

Suppose ^> G r^?, ^(A V B) G $ and $ * ^A * ^B ^ . By Lemma ESI hg 
^ * Ai^ * Bi^. Applying ^(V+), we have hg ^ $J,^ * (A V B)j^. Applying a(^), we 

have hg -1 since -■(A V B) G contradicting <I> G l^- Thus Va holds. 

By a similar argument, admissibility of Q{n_^), Q(Inv^) and ^(-i) imply V3. 

Suppose <^ G Fj?, A G A=^B and <I>*B ^ L^. Hence hg -1 <I>J,^*-i BJ,^, contradicting 
Ai^ G $i/3 and $ G Fj?. Thus Vp holds. □ 

Proof of Theorem 13. 5t 

Proof Suppose g{cut) is admissible, $ G F^, A G cwffg{T,), $ * A ^ F^ and <I> * ^A ^ F^. 
Hence i-g -■ * -■ Ai^ and H-g -• <I>i^ * Aj^. Using Q{cut), we have H-g -• $1^, 
contradicting $ G I^. 

Suppose is saturated, H-g A*C and H-g A*-iC hold but hg A does not. Applying 
Q{-^) to every member of A and to C we have IHg ^-lA * -i-iC and hg -i-iA * -iC. By 
Lemma [3.31 we know -lA G I^. By saturation, we must have -iA*C G or -iA*-iC G I^. 
The first case contradicts i-g ^-lA * -iC while the second case contradicts H-g ^-lA * -i-iC. 

□ 
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Proof of Lemma 13. 8t 

Proof. Suppose € 2lcc* is a saturated extension of I^. Assume hg A*C and hg A*-iC 
hold and hg A does not. By Lemma 13.31 we know -lA S I^. Since -lA is finite (hence 
sufficiently S-pure), -lA € I^. By the model existence theorem for saturated abstract 
consistency classes (cf. Theorem [5j(6.34)), there is a model M. G 971* such that M. \= -lA. 
By soundness of I^, we know both A * C and A * -iC must be valid in Ai. Since A4 \= -lA, 
we must have A4 \= C and A4 \= ^C, a contradiction. □ 

Proof of Lemma I3.10t 

Proof. We can argue 0-admissibility of Q{Inv^) and Q(weak) by induction on derivations. 
We use the notation hg^ A to indicate there is a derivation with size at most n of A. For 
negation inversion, we need to show hg^ A * A whenever hg^ A * -i-iA. First assume 
^-lA is a principal formula of the last rule applied. This is only possible if the last rule is 
Examining Q{-^), we have either A * A or H~g~^ A * -i-iA * A. In the first 

case, we are done. Otherwise, we apply the induction hypothesis to ^gj^ A * -i-iA * A 
and obtain A * A as desired. Next assume -i-iA is not a principal formula of the 

last rule. In this case, the application of rule r concludes hg^ (A' * -i-iA) U Aq from 

hg^ (A' * -1-1 A) U Aj (with 1 < i < m) where Aq contains the principal formulae of the 
rule application (a singleton unless the rule is Q{imt)) and + • • • + n™ < n — 1. Applying 
the inductive hypothesis, we have hg^ (A' * A) U Aj for 1 < i < m. Applying rule r we 
have hg^ (A' * A) U Aq. (For the case where r is Q{n_^) we use the fact that the same 
parameters occur in A and -i-iA.) 

To prove 0-admissibility of weakening, we generalize the statement to include a param- 
eter renaming (to handle the G{n^) rule). A parameter renaming is a well- typed map 
from parameters to parameters extended to operate on arbitrary terms. Note that if A is 
/3-normal, then ^(A) is also /3-normal. Also, if A is atomic, then ^(A) is atomic. We prove 
for any n. A, A' and parameter renaming 9, if hg^ A and ^(A) € A' for every A G A, then 

hg^ A'. Applying this with the identity parameter renaming 9, we have 0-admissibility of 
Q{weak). 

Suppose hg^ A and ^(A) G A' for every A G A. First, assume the last rule application 
is with principal formula (n°G) G A. In this case we know Aq * (Gcq,)|^ 

where Aq * (HG) is A and c does not occur in any sentence in A. Choose a parameter do- 
such that d does not occur in any sentence in A'. Let 9' be the parameter renaming given 
by 9'{c) : = d and 9'{w) : = 9{w) for parameters w other than c. Let A" be A'* (0(G)(i)|^. 
For each A G Aq C A, we know 9'{A) = 9(A) G A' C A" (since c does not occur in any 
sentence in A). Also, since c does not occur in G, 9'{{Gc)[^) = (^(G)d)|^ G A". Hence 

we can apply the induction hypothesis with n — 1, Aq * (Gc)|^, A" and 9' to conclude 
hg~^ A'* {9{G)da)lp. ^^^^^ ^ "^o^s occur in A' and 6l(nG) G A', we can apply GiHf) 
to conclude hg^ A'. 

Next, assume the last rule applied is G{nS)- Hence Aq * -i (GC)J^^ where Aq * 

^(HG) is A. We apply the induction hypothesis with Aq* (GC)L, A'*^ (6'(GC))L 
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and e to conclude h^'^ A'*^ (^(GC))|^. Applying the rule G{n^^^^), we obtain h^'^ A' 

as desired. (Note that e{-^IlG) e A'.) 

Finally, assume the last rule application is not Q{n^) and not G{nS)- Let r be the last 

rule applied. The rule r concludes hg^ A from hg^ AoUAj where Aq C A, 1 < i < m and 
+ • • • + < n — 1. For each i, we can apply the induction hypothesis with n', Aq U Aj, 
A' U {6'(A)|A G Aj} and 9 to conclude h^l A' U {6'(A)|A G A,;}. Applying the same rule 
r we conclude hg^ A'. □ 

Proof of Theorem 15. 3t 

Proof. Assume the rules G{f) and Q{n!^) are admissible. If ^(G ="^^ H) G $ and hg 
^ %p * {Gw =^ Hw) (with Wa new) holds, then we can show hg ^ holds using 
g{n^) and e(f). 

Assume the rule Q{h) is admissible. Suppose $ G F^, -.(A =° B) G ^> * A * -.B ^ F^ 
and $ * ^A * B ^ F^. By LemmaESl hg ^ $J,^ * -, Aj^ * Bj^ and hg -. * AJ,^ * Bj^. 
Applying ^(b), hg - * (A =" B)|^. Applying g(-), - since -(A =° B) G 

contradicting $ G I^. Thus V[, holds. □ 
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